Help with Network monitor rules (former Kerio 2.1.5 user)

I tried Comodo a while back and reverted back to Kerio but now I’m ready to give Comodo another go.

I’ve read and re-read throughout this forum and came upon this thread… https://forums.comodo.com/index.php/topic,2405.0.html

I also read the FAQ section and went through this thread a few times https://forums.comodo.com/index.php/topic,1125.0.html

I want to tighten up the rules in the Network Monitor such as shown from the first link because it is similar to the rules I used with Kerio.

My problem is I don’t know where to start or where to end with Comodo.

For instance Remote Endpoint in Kerio is the same as Source Port in Comodo, different words, same meaning but still somewhat confusing.

I don’t want to change or remove something from the default rules of the Network Monitor and end up leaving myself wide open on the internet.

Is there someone who can get me started in the right direction or is there a former Kerio 2.1.5 user who switched over to Comodo and knows what I’m talking about?

I would really appreciate any help at all, thanks.

JWill,

I’ll let a former Kerio user step in for more details that will be perhaps more easily understood, but I would like to quickly address two parts of your post:

For instance Remote Endpoint in Kerio is the same as Source Port in Comodo, different words, same meaning but still somewhat confusing.

Keep in mind that “Source Port” is in reference to just that - the source. So if you’re talking about Outbound traffic, the Source Port would be on your machine. However, if you’re referring to Inbound (unsolicited) traffic, then Source Port is on the remote machine (i.e., internet, server, etc). This is true for all “Source” and “Destination” references within CPF.

I don’t want to change or remove something from the default rules of the Network Monitor and end up leaving myself wide open on the internet.

As long as you have that “Block & Log” Rule at the bottom of the Network Monitor, for all “In” traffic, then you will have some measure of security. The Network Rules in CPF filter from the top down; either until the traffic is explicitly allowed, or explicitly/implicitly denied.

LM
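The two points in the reply above (Source/Destination depend on direction, and rules are read top down until one decides) modeled in Python, as an added example that is not part of the thread and is not Comodo's rule engine. The field names, the sample rules and the deny for traffic that matches no rule are assumptions of this sketch.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    direction: str    # "out" = leaving this machine, "in" = arriving at it
    protocol: str     # "tcp" or "udp"
    local_port: int   # port on the protected machine
    remote_port: int  # port on the other host

    @property
    def source_port(self) -> int:
        # Outbound: the source is this machine. Inbound: the source is remote.
        return self.local_port if self.direction == "out" else self.remote_port

    @property
    def destination_port(self) -> int:
        return self.remote_port if self.direction == "out" else self.local_port

@dataclass(frozen=True)
class Rule:
    action: str                       # "allow" or "block"
    direction: str                    # "in" or "out"
    protocol: str = "any"
    source_port: Optional[int] = None       # None matches any port
    destination_port: Optional[int] = None
    log: bool = False

    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction
                and self.protocol in ("any", p.protocol)
                and self.source_port in (None, p.source_port)
                and self.destination_port in (None, p.destination_port))

def evaluate(rules, packet):
    """First matching rule decides; returns (action, rule index or None)."""
    for index, rule in enumerate(rules):
        if rule.matches(packet):
            return rule.action, index
    return "block", None  # assumption: nothing matched, so implicitly denied

# Constructed rule set: two outbound allows, then the catch-all inbound block.
RULES = [
    Rule("allow", "out", "tcp", destination_port=443),
    Rule("allow", "out", "udp", destination_port=53),
    Rule("block", "in", log=True),  # the "Block & Log" rule at the bottom
]
```

The model is stateless: it treats every inbound packet as unsolicited and does not track replies to allowed outbound connections.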

Thanks for the response Little Mac.
I think I should have mentioned looking to control outbound traffic since I’m behind a router.

No problem, JWill…

From the first link in your post, basically, Paul (p2u) has created a set of Network Rules to control the connections for Windows Updates, etc (similar to what is posted at Firewall Leaktester’s site).

Then he has some corresponding rules in the Application Monitor, to match up IP ranges and Ports.

This is very do-able. I’d send you to m0ng0d’s explanation of network control rules, but you’ve already been there. :wink:

When you say in your first post that you don’t know where to start or end with Comodo, can you possibly elaborate on that statement a bit? I realize that may be kinda hard, but you’ve read through some material here in the forums… did you gain any increase in understanding about the way CPF’s layered rulesystem works?

And, are there specific applications you are trying to control access for, etc. Some more info would be great.

LM